Ask HN: Are most security breaches based on social engineering?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
hardware-buttons scrape-images linkedin-bot

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • APT_CyberCriminal_Campagin_Collections

    APT & CyberCriminal Campaign Collection

    • You can look at:

    - A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

    - Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

    - VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

    [0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

    [1] https://twitter.com/uuallan/status/1437068825636265985

    [2] https://github.com/vz-risk/VCDB

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • APT_CyberCriminal_Campagin_C

    • You can look at:

    - A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

    - Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

    - VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

    [0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

    [1] https://twitter.com/uuallan/status/1437068825636265985

    [2] https://github.com/vz-risk/VCDB

  • VCDB

    VERIS Community Database

    • You can look at:

    - A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

    - Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

    - VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

    [0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

    [1] https://twitter.com/uuallan/status/1437068825636265985

    [2] https://github.com/vz-risk/VCDB

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • What is an appropriate way to install debian packages in a completely air-gapped environment?

    3 projects | /r/devops | 6 Dec 2023

  • Apt-based dependency injection for server-side developers

    1 project | news.ycombinator.com | 21 Nov 2023

  • Avaje Inject - Microservice Focused DI via Annotation Processing

    2 projects | /r/java | 30 Jun 2023

  • About nautilus-typeahead

    3 projects | /r/debian | 2 Jun 2023

  • Need help ASAP: Ethernet not working in Ubuntu 22.04.2

    1 project | /r/linuxquestions | 2 May 2023